CVE-2006-5116

Executive Summary

Informations
Name	CVE-2006-5116	First vendor Publication	2006-10-03
Vendor	Cve	Last vendor Modification	2008-09-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score	5.1	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	High
Cvss Expoit Score	4.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5116

CPE : Common Platform Enumeration

Type	Description	Count
Application	Phpmyadmin Phpmyadmin cpe:/a:phpmyadmin:phpmyadmin:2.9.0_dev cpe:/a:phpmyadmin:phpmyadmin:2.8.4 cpe:/a:phpmyadmin:phpmyadmin:2.8.3 cpe:/a:phpmyadmin:phpmyadmin:2.8.1_dev cpe:/a:phpmyadmin:phpmyadmin:2.8.1 cpe:/a:phpmyadmin:phpmyadmin:2.8.0.3 cpe:/a:phpmyadmin:phpmyadmin:2.8.0.2 cpe:/a:phpmyadmin:phpmyadmin:2.8.0.1	8

Open Source Vulnerability Database (OSVDB)

id	Description
30141	phpMyAdmin url_generating.lib.php Multiple Method CSRF
30140	phpMyAdmin session.inc.php Multiple Method CSRF
29240	phpMyAdmin libraries/common.lib.php Multiple Method CSRF

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/20253
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/447491/100/0/threaded
CONFIRM	http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?dow... http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5
DEBIAN	http://www.debian.org/security/2006/dsa-1207
MISC	http://www.hardened-php.net/advisory_072006.130.html
SECUNIA	http://secunia.com/advisories/22126 http://secunia.com/advisories/22781 http://secunia.com/advisories/23086
SREASON	http://securityreason.com/securityalert/1677
SUSE	http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html
VIM	http://attrition.org/pipermail/vim/2006-October/001067.html
XF	http://xforce.iss.net/xforce/xfdb/29301

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 11:10:52	Multiple Updates

Type	Count
CPE ID(s)	8
osvdb(s)	3

Related	Severity
DSA-1207	(Medium)

Same Subject	Severity
Login to view 4 more Alert(s)

CVE-2006-5116

Executive Summary

Security-Database Scoring CVSS v2

Security Protection

Detail

Original Source

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU